Hello list, I've successfully managed to connect to Win 2000 Active Directory Server. The only information available in Jboss site is wrong and IMHO should be updated. The main error was the ldap://myhost.com which turns into a comment without "". My configuration now authenticates to the server but there are two things that don't work: -The displayname attribute is used to perform authentication independently of another one specified in uidAttributeID, which means that instead of login (cferrao) i have to write my complete name (Carlos Ferrao). - The roles are not verified. As I said in my previous mail, two groups exist in win2000AD (Tuser and Tadmin) and they are in the same CN as Users. I think the auth.conf parameters are not being used. Once again I've tried many attributes ("Users","Groups","userid") but the authorisation is never verified, returning the same output. Anyone knows which attributes should go into auth.conf in order to get this info from win 2000 AD? Here's the output of JBoss: [siigpstestBean] Authentication exception, principal=Carlos Ferrao [Default] LdapLoginModule.login [Default] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, rolesCtxDN=cn=Users,o=critical.pt, java.naming.provider.url=ldap://hall:389, java.naming.security.principal=Carlos Ferrao, java.naming.security.authentication=simple, java.naming.security.credentials=xxxxxxxx} [Default] Logged into LDAP server, javax.naming.ldap.InitialLdapContext@20f237 [siigpstestBean] Insufficient method permissions, principal=Carlos Ferrao, method=create, requiredRoles=[Tuser, Tadmin] here's the auth.conf (it works): libsec { org.jboss.security.plugins.samples.LdapLoginModule required java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory //principalDNPrefix="" uidAttributeID="Users" roleAttributeID="Users" //principalDNSuffix="DC=critical,DC=pt" rolesCtxDN="CN=Users,DC=critical,DC=pt" rolesCtxDN="cn=Users,o=critical.pt" java.naming.provider.url="ldap://hall:389" java.naming.security.authentication="simple" ; }; Here's my info and Tadmin group in win 200 Active Directory: Expanding base 'CN=cferrao,CN=Users,DC=critical,DC=pt'... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=cferrao,CN=Users,DC=critical,DC=pt 2> memberOf: CN=Tadmin,CN=Users,DC=critical,DC=pt; CN=Tuser,CN=Users,DC=critical,DC=pt; 1> accountExpires: 0; 1> badPasswordTime: 126454878327854035; 1> badPwdCount: 0; 1> codePage: 0; 1> cn: cferrao; 1> countryCode: 0; 1> displayName: Carlos Ferrao; 1> instanceType: 4; 1> lastLogon: 126454880261197150; 1> logonCount: 285; 1> logonHours: <ldp: Binary blob>; 1> distinguishedName: CN=cferrao,CN=Users,DC=critical,DC=pt; 1> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=critical,DC=pt; 4> objectClass: top; person; organizationalPerson; user; 1> objectGUID: 132af00f-0b0f-49e8-b2a9-a502056ce938; 1> objectSid: S-15-2431463-72FF6BA7-5EE08E3-486; 1> primaryGroupID: 513; 1> pwdLastSet: 126168820329684352; 1> name: cferrao; 1> sAMAccountName: cferrao; 1> sAMAccountType: 805306368; 1> userAccountControl: 512; 1> uSNChanged: 3827; 1> uSNCreated: 3827; 1> whenChanged: 5/3/2001 2:52:18 GMT Standard Time GMT Daylight Time; 1> whenCreated: 3/14/2001 16:1:28 GMT Standard Time GMT Daylight Time; Expanding base 'CN=Tadmin,CN=Users,DC=critical,DC=pt'... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=Tadmin,CN=Users,DC=critical,DC=pt 1> member: CN=cferrao,CN=Users,DC=critical,DC=pt; 1> cn: Tadmin; 1> groupType: -2147483646; 1> instanceType: 4; 1> distinguishedName: CN=Tadmin,CN=Users,DC=critical,DC=pt; 1> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=critical,DC=pt; 2> objectClass: top; group; 1> objectGUID: fb4d9c02-8eb8-497b-9e29-50ae33bf1eef; 1> objectSid: S-15-2431463-72FF6BA7-5EE08E3-770; 1> name: Tadmin; 1> sAMAccountName: Tadmin; 1> sAMAccountType: 268435456; 1> uSNChanged: 393036; 1> uSNCreated: 393033; 1> whenChanged: 9/19/2001 18:24:23 GMT Standard Time GMT Daylight Time; 1> whenCreated: 9/19/2001 18:23:14 GMT Standard Time GMT Daylight Time; Thanks in advance, Carlos Ferrao _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user